From 7b6dccc82fa5b03cf431742c0655e5ac954e228e Mon Sep 17 00:00:00 2001 From: Anatoly Burov Date: Wed, 7 Sep 2016 14:09:45 +0300 Subject: Fixed #27191 -- Fixed debug view crash for requests with 'items' in GET/POST/COOKIES/FILES. --- django/views/debug.py | 40 +++++++++++---------- tests/view_tests/tests/test_debug.py | 70 ++++++++++++++++++++++++++++++++++++ 2 files changed, 92 insertions(+), 18 deletions(-) diff --git a/django/views/debug.py b/django/views/debug.py index ccc2753a00..a92f487bb1 100644 --- a/django/views/debug.py +++ b/django/views/debug.py @@ -290,7 +290,7 @@ class ExceptionReporter(object): 'unicode_hint': unicode_hint, 'frames': frames, 'request': self.request, - 'filtered_POST': self.filter.get_post_parameters(self.request), + 'filtered_POST_items': self.filter.get_post_parameters(self.request).items(), 'settings': get_safe_settings(), 'sys_executable': sys.executable, 'sys_version_info': '%d.%d.%d' % sys.version_info[0:3], @@ -301,6 +301,10 @@ class ExceptionReporter(object): 'template_does_not_exist': self.template_does_not_exist, 'postmortem': self.postmortem, } + if self.request is not None: + c['request_GET_items'] = self.request.GET.items() + c['request_FILES_items'] = self.request.FILES.items() + c['request_COOKIES_items'] = self.request.COOKIES.items() # Check whether exception info is available if self.exc_type: c['exception_type'] = self.exc_type.__name__ @@ -913,10 +917,10 @@ Exception Value: {{ exception_value|force_escape }} - {% for var in request.GET.items %} + {% for k, v in request_GET_items %} - {{ var.0 }} - 
{{ var.1|pprint }}
+ {{ k }} + 
{{ v|pprint }}
{% endfor %} @@ -926,7 +930,7 @@ Exception Value: {{ exception_value|force_escape }} {% endif %}

POST

- {% if filtered_POST %} + {% if filtered_POST_items %} @@ -935,10 +939,10 @@ Exception Value: {{ exception_value|force_escape }} - {% for var in filtered_POST.items %} + {% for k, v in filtered_POST_items %} - - + + {% endfor %} @@ -956,10 +960,10 @@ Exception Value: {{ exception_value|force_escape }} - {% for var in request.FILES.items %} + {% for k, v in request_FILES_items %} - - + + {% endfor %} @@ -979,10 +983,10 @@ Exception Value: {{ exception_value|force_escape }} - {% for var in request.COOKIES.items %} + {% for k, v in request_COOKIES_items %} - - + + {% endfor %} @@ -1101,16 +1105,16 @@ File "{{ frame.filename }}" in {{ frame.function }} {% if request %}Request information: {% if request.user %}USER: {{ request.user }}{% endif %} -GET:{% for k, v in request.GET.items %} +GET:{% for k, v in request_GET_items %} {{ k }} = {{ v|stringformat:"r" }}{% empty %} No GET data{% endfor %} -POST:{% for k, v in filtered_POST.items %} +POST:{% for k, v in filtered_POST_items %} {{ k }} = {{ v|stringformat:"r" }}{% empty %} No POST data{% endfor %} -FILES:{% for k, v in request.FILES.items %} +FILES:{% for k, v in request_FILES_items %} {{ k }} = {{ v|stringformat:"r" }}{% empty %} No FILES data{% endfor %} -COOKIES:{% for k, v in request.COOKIES.items %} +COOKIES:{% for k, v in request_COOKIES_items %} {{ k }} = {{ v|stringformat:"r" }}{% empty %} No cookie data{% endfor %} META:{% for k, v in request.META.items|dictsort:0 %} diff --git a/tests/view_tests/tests/test_debug.py b/tests/view_tests/tests/test_debug.py index 714723c957..7a450306f5 100644 --- a/tests/view_tests/tests/test_debug.py +++ b/tests/view_tests/tests/test_debug.py @@ -464,6 +464,43 @@ class ExceptionReporterTests(SimpleTestCase): html = reporter.get_traceback_html() self.assertIn("http://evil.com/", html) + def test_request_with_items_key(self): + """ + An exception report can be generated for requests with 'items' in + request GET, POST, FILES, or COOKIES QueryDicts. + """ + if six.PY3: + value = '' + else: + value = '' + # GET + request = self.rf.get('/test_view/?items=Oops') + reporter = ExceptionReporter(request, None, None, None) + html = reporter.get_traceback_html() + self.assertInHTML(value, html) + # POST + request = self.rf.post('/test_view/', data={'items': 'Oops'}) + reporter = ExceptionReporter(request, None, None, None) + html = reporter.get_traceback_html() + self.assertInHTML(value, html) + # FILES + fp = six.StringIO('filecontent') + request = self.rf.post('/test_view/', data={'name': 'filename', 'items': fp}) + reporter = ExceptionReporter(request, None, None, None) + html = reporter.get_traceback_html() + self.assertInHTML( + '', + html + ) + # COOKES + rf = RequestFactory() + rf.cookies['items'] = 'Oops' + request = rf.get('/test_view/') + reporter = ExceptionReporter(request, None, None, None) + html = reporter.get_traceback_html() + self.assertInHTML('', html) + class PlainTextReportTests(SimpleTestCase): rf = RequestFactory() @@ -519,6 +556,39 @@ class PlainTextReportTests(SimpleTestCase): reporter = ExceptionReporter(request, None, "I'm a little teapot", None) reporter.get_traceback_text() + def test_request_with_items_key(self): + """ + An exception report can be generated for requests with 'items' in + request GET, POST, FILES, or COOKIES QueryDicts. + """ + if six.PY3: + value = "items = 'Oops'" + else: + value = "items = u'Oops'" + # GET + request = self.rf.get('/test_view/?items=Oops') + reporter = ExceptionReporter(request, None, None, None) + text = reporter.get_traceback_text() + self.assertIn(value, text) + # POST + request = self.rf.post('/test_view/', data={'items': 'Oops'}) + reporter = ExceptionReporter(request, None, None, None) + text = reporter.get_traceback_text() + self.assertIn(value, text) + # FILES + fp = six.StringIO('filecontent') + request = self.rf.post('/test_view/', data={'name': 'filename', 'items': fp}) + reporter = ExceptionReporter(request, None, None, None) + text = reporter.get_traceback_text() + self.assertIn('items =
{{ var.0 }}
{{ var.1|pprint }}
{{ k }}
{{ v|pprint }}
{{ var.0 }}
{{ var.1|pprint }}
{{ k }}
{{ v|pprint }}
{{ var.0 }}
{{ var.1|pprint }}
{{ k }}
{{ v|pprint }}
items
'Oops'
items
u'Oops'
items
<InMemoryUploadedFile: '
+            'items (application/octet-stream)>
items
'Oops'